Republic of Korea: Implemented PIPC revisions to the standards for ensuring the safety of personal information

On 22 September 2023, the Personal Information Protection Committee (PIPC) adopted revisions to the standards for ensuring the safety of personal information. The measures come into force on the same day. The standard includes measures related to personal information processing, impacting both personal information processors and information and communication service providers. It consolidates similar and different provisions from general regulations and special regulations into the general regulations, making them technology-neutral and ensuring consistent application. Safety measures such as internet network blocking and encryption remain unchanged. Measures for failed authentication attempts, encryption during internet transmission, encryption key management procedures, connection record inspection, and disaster preparedness safety measures are now applicable to all personal information processors. In addition, major public system operating organisations are now required to include safety measures for each public system in their internal management plans. These organisations must automatically analyse and inspect access records when granting, changing, or deleting access rights.